2010/3/17 Eric Sandeen <sandeen@xxxxxxxxxx>:
> Michał Piotrowski wrote:
>> Hi,
>>
>> I recently had 30 hours of ssh brute force attack on my system. I'm
>> using strong passwords, but still can be generated from /dev/random, so
>> I switched to rsa authentication. What's your favourite way to deal
>> with such attacks? Please describe pros and cons.
>>
>> Regards,
>> Michal
>
> Aside from not allowing password logins, I throttle them, they usually
> get tired and go away to an easier target.
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit 1/minute --limit-burst 2 -j ACCEPT

If I understand correctly - this limits ssh connections to two
connections per minute. I tried it before on my devel server without
success. I tried it now with your configuration also without success.

I used
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -m limit --limit 2/minute --limit-burst 2 -j ACCEPT
and I still can connect to ssh as many times as I want.

>
>
> -Eric

Regards,
Michal
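An added example, not part of the original message: a simplified Python model of how a `-m limit ... -j ACCEPT` rule like the ones quoted above behaves inside a chain. A packet over the limit does not match the rule and continues to the next rule or the chain policy, so the outcome depends on what follows. The three chains and the attempt timing are assumptions, since the message does not show the rest of the ruleset.

```python
# Simplified model of iptables rule traversal with the `limit` match
# (a token bucket). The chains below are assumed for illustration only.

class Limit:
    """Models: -m limit --limit <per_minute>/minute --limit-burst <burst>"""
    def __init__(self, per_minute, burst):
        self.rate = per_minute / 60.0   # tokens regained per second
        self.burst = burst
        self.tokens = float(burst)      # bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False                    # over the limit: the rule does NOT match


def verdict(chain, policy, now):
    """Walk rules in order; the first matching rule decides, else the policy."""
    for limit, target in chain:
        if limit is None or limit.matches(now):
            return target
    return policy


def accepted(chain, policy, attempts=10, spacing=1.0):
    """Count NEW tcp/22 connections accepted, one attempt every `spacing` s."""
    return sum(verdict(chain, policy, i * spacing) == "ACCEPT"
               for i in range(attempts))


def scenarios():
    # 1) Limit rule followed by an unconditional ACCEPT for port 22.
    shadowed = accepted([(Limit(2, 2), "ACCEPT"), (None, "ACCEPT")], "DROP")
    # 2) Limit rule alone, with a chain policy of ACCEPT.
    open_policy = accepted([(Limit(2, 2), "ACCEPT")], "ACCEPT")
    # 3) Limit rule followed by an explicit DROP for port 22.
    enforced = accepted([(Limit(2, 2), "ACCEPT"), (None, "DROP")], "ACCEPT")
    return shadowed, open_policy, enforced


if __name__ == "__main__":
    print(scenarios())
```

The `limit` match counts all matching packets together rather than per source address, so in the enforced case legitimate connections share the same budget as the attacker's.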